otto 1.5.0 → 2.0.0.pre1

data/otto.gemspec

@@ -10,18 +10,23 @@ Gem::Specification.new do |spec|
   spec.email         = 'gems@solutious.com'
   spec.authors       = ['Delano Mandelbaum']
   spec.license       = 'MIT'
-  spec.files         = Dir.chdir(File.expand_path(__dir__)) do
-    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
-  end
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   spec.homepage      = 'https://github.com/delano/otto'
   spec.require_paths = ['lib']
 
   spec.required_ruby_version = ['>= 3.2', '< 4.0']
 
-  # https://github.com/delano/otto/security/dependabot/5
-  spec.add_dependency 'rexml', '>= 3.3.6'
-  spec.add_dependency 'ostruct'
+
   spec.add_dependency 'rack', '~> 3.1', '< 4.0'
   spec.add_dependency 'rack-parser', '~> 0.7'
+  spec.add_dependency 'rexml', '>= 3.3.6'
+
+  # Security dependencies
+  spec.add_dependency 'facets', '~> 3.1'
+  spec.add_dependency 'loofah', '~> 2.20'
+
+  # Optional MCP dependencies
+  # spec.add_dependency 'json_schemer', '~> 2.0'
+  # spec.add_dependency 'rack-attack', '~> 6.7'
   spec.metadata['rubygems_mfa_required'] = 'true'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: otto
 version: !ruby/object:Gem::Version
-  version: 1.5.0
+  version: 2.0.0.pre1
 platform: ruby
 authors:
 - Delano Mandelbaum
@@ -10,43 +10,60 @@ cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rexml
+  name: rack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.3.6
+        version: '3.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.3.6
+        version: '3.1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '4.0'
 - !ruby/object:Gem::Dependency
-  name: ostruct
+  name: rack-parser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+- !ruby/object:Gem::Dependency
+  name: rexml
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.3.6
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.3.6
 - !ruby/object:Gem::Dependency
-  name: rack
+  name: facets
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.1'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -54,23 +71,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.1'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '4.0'
 - !ruby/object:Gem::Dependency
-  name: rack-parser
+  name: loofah
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '2.20'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.7'
+        version: '2.20'
 description: 'Otto: Auto-define your rack-apps in plaintext.'
 email: gems@solutious.com
 executables: []
@@ -79,42 +93,137 @@ extra_rdoc_files: []
 files:
 - ".github/dependabot.yml"
 - ".github/workflows/ci.yml"
+- ".github/workflows/claude-code-review.yml"
+- ".github/workflows/claude.yml"
 - ".gitignore"
 - ".pre-commit-config.yaml"
 - ".pre-push-config.yaml"
 - ".rspec"
 - ".rubocop.yml"
+- CHANGELOG.rst
+- CLAUDE.md
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
 - README.md
+- bin/rspec
+- changelog.d/20250911_235619_delano_next.rst
+- changelog.d/20250912_123055_delano_remove_ostruct.rst
+- changelog.d/20250912_175625_claude_delano_remove_ostruct.rst
+- changelog.d/README.md
+- changelog.d/scriv.ini
 - docs/.gitignore
+- docs/migrating/v2.0.0-pre1.md
+- examples/.gitignore
+- examples/advanced_routes/README.md
+- examples/advanced_routes/app.rb
+- examples/advanced_routes/app/controllers/handlers/async.rb
+- examples/advanced_routes/app/controllers/handlers/dynamic.rb
+- examples/advanced_routes/app/controllers/handlers/static.rb
+- examples/advanced_routes/app/controllers/modules/auth.rb
+- examples/advanced_routes/app/controllers/modules/transformer.rb
+- examples/advanced_routes/app/controllers/modules/validator.rb
+- examples/advanced_routes/app/controllers/routes_app.rb
+- examples/advanced_routes/app/controllers/v2/admin.rb
+- examples/advanced_routes/app/controllers/v2/config.rb
+- examples/advanced_routes/app/controllers/v2/settings.rb
+- examples/advanced_routes/app/logic/admin/logic/manager.rb
+- examples/advanced_routes/app/logic/admin/panel.rb
+- examples/advanced_routes/app/logic/analytics_processor.rb
+- examples/advanced_routes/app/logic/complex/business/handler.rb
+- examples/advanced_routes/app/logic/data_logic.rb
+- examples/advanced_routes/app/logic/data_processor.rb
+- examples/advanced_routes/app/logic/input_validator.rb
+- examples/advanced_routes/app/logic/nested/feature/logic.rb
+- examples/advanced_routes/app/logic/reports_generator.rb
+- examples/advanced_routes/app/logic/simple_logic.rb
+- examples/advanced_routes/app/logic/system/config/manager.rb
+- examples/advanced_routes/app/logic/test_logic.rb
+- examples/advanced_routes/app/logic/transform_logic.rb
+- examples/advanced_routes/app/logic/upload_logic.rb
+- examples/advanced_routes/app/logic/v2/logic/dashboard.rb
+- examples/advanced_routes/app/logic/v2/logic/processor.rb
+- examples/advanced_routes/config.rb
+- examples/advanced_routes/config.ru
+- examples/advanced_routes/puma.rb
+- examples/advanced_routes/routes
+- examples/advanced_routes/run.rb
+- examples/advanced_routes/test.rb
+- examples/authentication_strategies/README.md
+- examples/authentication_strategies/app/auth.rb
+- examples/authentication_strategies/app/controllers/auth_controller.rb
+- examples/authentication_strategies/app/controllers/main_controller.rb
+- examples/authentication_strategies/config.ru
+- examples/authentication_strategies/routes
+- examples/basic/README.md
 - examples/basic/app.rb
 - examples/basic/config.ru
 - examples/basic/routes
-- examples/dynamic_pages/app.rb
-- examples/dynamic_pages/config.ru
-- examples/dynamic_pages/routes
-- examples/helpers_demo/app.rb
-- examples/helpers_demo/config.ru
-- examples/helpers_demo/routes
+- examples/mcp_demo/README.md
+- examples/mcp_demo/app.rb
+- examples/mcp_demo/config.ru
+- examples/mcp_demo/routes
+- examples/security_features/README.md
 - examples/security_features/app.rb
 - examples/security_features/config.ru
 - examples/security_features/routes
 - lib/otto.rb
+- lib/otto/core/configuration.rb
+- lib/otto/core/error_handler.rb
+- lib/otto/core/file_safety.rb
+- lib/otto/core/middleware_stack.rb
+- lib/otto/core/router.rb
+- lib/otto/core/uri_generator.rb
 - lib/otto/design_system.rb
 - lib/otto/helpers/base.rb
 - lib/otto/helpers/request.rb
 - lib/otto/helpers/response.rb
+- lib/otto/helpers/validation.rb
+- lib/otto/mcp/auth/token.rb
+- lib/otto/mcp/protocol.rb
+- lib/otto/mcp/rate_limiting.rb
+- lib/otto/mcp/registry.rb
+- lib/otto/mcp/route_parser.rb
+- lib/otto/mcp/server.rb
+- lib/otto/mcp/validation.rb
 - lib/otto/response_handlers.rb
+- lib/otto/response_handlers/auto.rb
+- lib/otto/response_handlers/base.rb
+- lib/otto/response_handlers/default.rb
+- lib/otto/response_handlers/factory.rb
+- lib/otto/response_handlers/json.rb
+- lib/otto/response_handlers/redirect.rb
+- lib/otto/response_handlers/view.rb
 - lib/otto/route.rb
 - lib/otto/route_definition.rb
 - lib/otto/route_handlers.rb
+- lib/otto/route_handlers/base.rb
+- lib/otto/route_handlers/class_method.rb
+- lib/otto/route_handlers/factory.rb
+- lib/otto/route_handlers/instance_method.rb
+- lib/otto/route_handlers/lambda.rb
+- lib/otto/route_handlers/logic_class.rb
 - lib/otto/security/authentication.rb
+- lib/otto/security/authentication/auth_strategy.rb
+- lib/otto/security/authentication/authentication_middleware.rb
+- lib/otto/security/authentication/failure_result.rb
+- lib/otto/security/authentication/strategies/api_key_strategy.rb
+- lib/otto/security/authentication/strategies/permission_strategy.rb
+- lib/otto/security/authentication/strategies/public_strategy.rb
+- lib/otto/security/authentication/strategies/role_strategy.rb
+- lib/otto/security/authentication/strategies/session_strategy.rb
+- lib/otto/security/authentication/strategy_result.rb
 - lib/otto/security/config.rb
+- lib/otto/security/configurator.rb
 - lib/otto/security/csrf.rb
+- lib/otto/security/middleware/csrf_middleware.rb
+- lib/otto/security/middleware/rate_limit_middleware.rb
+- lib/otto/security/middleware/validation_middleware.rb
+- lib/otto/security/rate_limiter.rb
+- lib/otto/security/rate_limiting.rb
 - lib/otto/security/validator.rb
 - lib/otto/static.rb
+- lib/otto/utils.rb
 - lib/otto/version.rb
 - otto.gemspec
 - public/favicon.ico

data/examples/dynamic_pages/app.rb

@@ -1,115 +0,0 @@
-# examples/basic/app.rb (Streamlined with Design System)
-
-require_relative '../../lib/otto/design_system'
-
-class App
-  include Otto::DesignSystem
-
-  attr_reader :req, :res
-
-  def initialize(req, res)
-    @req                        = req
-    @res                        = res
-    res.headers['content-type'] = 'text/html; charset=utf-8'
-  end
-
-  def index
-    # This demonstrates nested heredocs in Ruby
-    # The outer heredoc uses <<~HTML delimiter
-    content = <<~HTML
-      <div class="otto-card otto-text-center">
-        <img src="/img/otto.jpg" alt="Otto Framework" class="otto-logo" />
-        <h1>Otto Framework</h1>
-        <p>Minimal Ruby web framework with style</p>
-      </div>
-
-      #{otto_card('Dynamic Pages') do
-        # This is a nested heredoc within the outer HTML heredoc
-        # It uses a different delimiter (EXAMPLES) to avoid conflicts
-        # The #{} interpolation allows the inner heredoc to be embedded
-        <<~EXAMPLES
-          #{otto_link('Product #100', '/product/100')} - View product page<br>
-          #{otto_link('Product #42', '/product/42')} - Different product<br>
-          #{otto_link('API Data', '/product/100.json')} - JSON endpoint
-        EXAMPLES
-      end}
-    HTML
-
-    res.send_secure_cookie :sess, 1_234_567, 3600
-    res.body = otto_page(content)
-  end
-
-  def receive_feedback
-    message = req.params['msg']&.strip
-
-    content = if message.nil? || message.empty?
-      otto_alert('error', 'Empty Message', 'Please enter a message before submitting.')
-    else
-      otto_alert('success', 'Feedback Received', 'Thanks for your message!') +
-        otto_card('Your Message') { otto_code_block(message, 'text') }
-    end
-
-    content += "<p>#{otto_link('← Back', '/')}</p>"
-    res.body = otto_page(content, 'Feedback')
-  end
-
-  def redirect
-    res.redirect '/robots.txt'
-  end
-
-  def robots_text
-    res.headers['content-type'] = 'text/plain'
-    res.body                    = ['User-agent: *', 'Disallow: /private'].join($/)
-  end
-
-  def display_product
-    prodid = req.params[:prodid]
-
-    # Check if JSON is requested via .json extension or Accept header
-    wants_json = req.path_info.end_with?('.json') ||
-                 req.env['HTTP_ACCEPT']&.include?('application/json')
-
-    if wants_json
-      res.headers['content-type'] = 'application/json; charset=utf-8'
-      res.body                    = format('{"product":%s,"msg":"Hint: try another value"}', prodid)
-    else
-      # Return HTML product page
-      product_data = {
-        'Product ID' => prodid,
-        'Name' => "Sample Product ##{prodid}",
-        'Price' => "$#{rand(10..999)}.99",
-        'Description' => 'This is a demonstration product showing dynamic routing with parameter :prodid',
-        'Stock' => rand(0..50) > 5 ? 'In Stock' : 'Out of Stock',
-      }
-
-      product_html = product_data.map do |key, value|
-        "<p><strong>#{key}:</strong> #{escape_html(value.to_s)}</p>"
-      end.join
-
-      content = <<~HTML
-        #{otto_card('Product Details') { product_html }}
-
-        <p>
-          #{otto_link('← Back to Home', '/')} |
-          #{otto_link('View as JSON', "/product/#{prodid}.json")}
-        </p>
-      HTML
-
-      res.body = otto_page(content, "Product ##{prodid}")
-    end
-  end
-
-  def not_found
-    res.status = 404
-    content    = otto_alert('error', 'Not Found', 'The requested page could not be found.')
-    content   += "<p>#{otto_link('← Home', '/')}</p>"
-    res.body   = otto_page(content, '404')
-  end
-
-  def server_error
-    res.status = 500
-    content    = otto_alert('error', 'Server Error', 'An internal server error occurred.')
-    content   += "<p>#{otto_link('← Home', '/')}</p>"
-    res.body   = otto_page(content, '500')
-  end
-end

data/examples/dynamic_pages/config.ru

@@ -1,30 +0,0 @@
-# examples/basic/config.ru
-
-# OTTO EXAMPLE APP CONFIG - 2025-08-18
-#
-# Usage:
-#
-#     $ thin -e dev -R config.ru -p 10770 start
-
-public_path = File.expand_path('../../public', __dir__)
-
-require_relative '../../lib/otto'
-require_relative 'app'
-
-app = Otto.new('routes')
-
-# DEV: Run web apps with extra logging and reloading
-if Otto.env?(:dev)
-
-  map('/') do
-    use Rack::CommonLogger
-    use Rack::Reloader, 0
-    app.option[:public] = public_path
-    app.add_static_path '/favicon.ico'
-    run app
-  end
-
-# PROD: run the webapp on the metal
-else
-  map('/') { run app }
-end

data/examples/dynamic_pages/routes

@@ -1,21 +0,0 @@
-# examples/basic/routes
-
-# OTTO - ROUTES EXAMPLE
-
-# Each route has three parts:
-#  * HTTP verb (GET, POST, PUT, DELETE or HEAD)
-#  * URI path
-#  * Ruby class and method to call
-
-GET   /                         App#index
-POST  /                         App#receive_feedback
-GET   /redirect                 App#redirect
-GET   /robots.txt               App#robots_text
-GET   /product/:prodid          App#display_product
-
-GET   /bogus                    App#no_such_method
-
-# You can also define these handlers when no
-# route can be found or there's a server error. (optional)
-GET   /404                      App#not_found
-GET   /500                      App#server_error